path: root/jstests/ssl/x509_startup_warning.js
blob: 32ef4338d5af163cf1e1afe4351f19c7dc57ae32 (plain)
// Test for startup warning when X509 auth and sslAllowInvalidCertificates are enabled

(function() {
'use strict';

/**
 * Starts a single mongos or mongod with the given extra options and waits until the captured
 * program output matches the expected presence or absence of the two TLS startup warnings,
 * then stops the process.
 *
 * @param {boolean} checkMongos - true to launch mongos, false to launch mongod.
 * @param {Object} opts - extra startup options, merged over the defaults chosen below.
 * @param {boolean} expectWarningCertifcates - whether the invalid-certificate warning must be
 *     present in the output.
 * @param {boolean} expectWarningHostnames - whether the hostname-validation warning must be
 *     present in the output.
 */
function runTest(checkMongos, opts, expectWarningCertifcates, expectWarningHostnames) {
    const certificateWarning =
        'While invalid X509 certificates may be used to connect to this server, they will not be considered permissible for authentication';
    const hostnameWarning =
        'This server will not perform X.509 hostname validation. This may allow your server to make or accept connections to untrusted parties';

    // Discard output left over from earlier runs so only this process's log is inspected.
    clearRawMongoProgramOutput();

    // Neither variant waits for a connection: the test only reads the startup log.
    const baseOptions = checkMongos ? {
        configdb: "fakeRS/localhost:27017",
        waitForConnect: false,
    }
                                    : {
                                          auth: '',
                                          sslMode: 'preferSSL',
                                          sslPEMKeyFile: 'jstests/libs/server.pem',
                                          sslCAFile: 'jstests/libs/ca.pem',
                                          waitForConnect: false,
                                      };
    const startupOptions = Object.assign(baseOptions, opts);
    const mongo = checkMongos ? MongoRunner.runMongos(startupOptions)
                              : MongoRunner.runMongod(startupOptions);

    // NOTE(review): an expectation of `false` is satisfied by output that has simply not been
    // written yet, and the process is started with waitForConnect: false. If assert.soon
    // returns on the first passing poll (confirm), the "no warning" cases can pass before any
    // startup logging has happened, and a warning printed later would go unnoticed. Waiting
    // for a known startup log line first would make the negative checks meaningful.
    assert.soon(function() {
        const log = rawMongoProgramOutput();
        if (expectWarningCertifcates != log.includes(certificateWarning)) {
            return false;
        }
        return expectWarningHostnames == log.includes(hostnameWarning);
    });

    stopMongoProgramByPid(mongo.pid);
}

/**
 * Runs every option combination against one server type.
 *
 * @param {boolean} checkMongos - forwarded to runTest: true for mongos, false for mongod.
 */
function runTests(checkMongos) {
    // Each row: [extra startup options, expect certificate warning, expect hostname warning].
    const scenarios = [
        // Neither sslAllowInvalid* option is set: no warning of either kind.
        [{}, false, false],
        // Invalid certificates allowed: only the certificate warning.
        [{sslAllowInvalidCertificates: ''}, true, false],
        // Invalid hostnames allowed: only the hostname warning.
        [{sslAllowInvalidHostnames: ''}, false, true],
        // Both allowed: both warnings.
        [{sslAllowInvalidCertificates: '', sslAllowInvalidHostnames: ''}, true, true],
    ];

    for (const [extraOpts, wantCertificateWarning, wantHostnameWarning] of scenarios) {
        runTest(checkMongos, extraOpts, wantCertificateWarning, wantHostnameWarning);
    }
}

// Run the full scenario list twice: first against mongos (true), then against mongod (false).
[true, false].forEach(function(checkMongos) {
    runTests(checkMongos);
});
})();